What do I need to know before the auditor shows up? Why does SOC 2 care about HR policy and practices and what are the relevant HR requirements? How do I incorporate the requirements over external parties and communications? Even more germane, how do I properly document for the audit?

Topics in this webinar include:

The relevant SOC 2 criteria impacting human resource management

The HR requirements that apply to customers, vendors, and communications

SOC 2 is a phrase that can strike fear and confusion into startups and small businesses, but there’s an easy way to talk about and respond to SOC 2 requests long before you undergo the time and expense of a formal SOC audit.

Most startups and SMBs first encounter the term “SOC 2” during the sales process when a customer asks if you are “SOC 2 compliant” or have a “SOC 2 certification.” In many cases, the customer or prospect doesn’t even know what SOC 2 really is, or what goes into a SOC 2 audit. They’ve just been told by their compliance director or security officer (or the pundit at an industry conference or webinar) that all vendors must “be SOC 2” to do business with their company. SOC 2 is as much a buzzword to many companies as it is an actual policy.

You can win SOC 2-contingent business by showing you understand the point of SOC 2, and that you can deliver SOC 2-style reliability even before you obtain formal compliance. The trick is understanding SOC 2 first.

In this webinar we cover what to do before you have an audit. How do you build trust with customers? What documentation should you have ready to share? Is there ever a time when it makes sense to wait to have an audit performed? What if an audit seems too expensive?

Risk analysis and risk management are among the most important processes of SOC 2 preparation. A finely tuned process helps organizations ensure that they are prioritizing the right things and not spending unnecessary money. Risk assessment is the process of identifying assets, the impact of asset loss, and the likelihood of occurrence. Risk management is the process of selecting controls or other risk responses to adequately prepare for negative events.

In this webinar we cover the key processes that should be focused on when building a risk assessment and management program. We help you prepare for the unknown and ask questions that may come up in an audit. We review several risk registers as well as cover common audit questions.

One of the most common questions we receive is how much time smart contract auditing takes. The quick answer is ‘it depends’; however, in this post we’ll try to give you some guidance on how to plan for your audit.

Plan Ahead

Smart contract auditing should be included in your development plan from the very beginning. Too often, the decision to have an audit conducted is made at the last minute and it ends up costing more because of priority-rush charges.

We’re happy to work with you to turn an audit around quickly, but the best audits occur when all parties have plenty of time. We maintain high quality reviews in all cases; however, when we have more time to work with our clients, it creates the best learning opportunities. Yes, it’s important to uncover vulnerabilities in smart contracts, but our goal is to help you learn from patterns we uncover so that future mistakes are prevented. Let us know before you’re ready and we can get you on our schedule ahead of time.

Audit Engagement

Once you’re ready for the audit, it takes a few days to initiate the project, finalize scoping, and sign our contract. You will be assigned a lead auditor and the audit of an average smart contract will take 2-14 days. This is completely dependent on the smart contract’s size and complexity. We’re happy to give time estimates before the project starts.

After we present you the audit findings, we will give you a remediation period and spend a couple days conducting remediation testing. Once all testing is complete, we will issue your public and internal reports.

This process can be completed from beginning to end in about a week for simple contracts and up to a month for complex ones.